Researcher found dangerous apps in Samsung Galaxy Store

Malicious apps have infiltrated Samsung’s official app store, the Galaxy Store, and users are complaining about multiple Play Protect detections on their devices.

Android Police reported that the malware mimics the once popular pirate app ShowBox, which was shut down back in 2018 after a coalition of film studios identified its operator and sued him. ShowBox and its twin brother MovieBox gave users access to copyrighted movies and TV shows without paying a subscription.

Obviously, the scammers were betting on the former popularity of the pirated app, and the “clones” were indeed well received by the Samsung user community. The counterfeits were advertised as streaming apps, promising anonymous access to protected content through an integrated VPN. Interestingly, according to Android Police, at least some of these apps did deliver the promised pirated features.

According to the linuxct mobile security specialist, who noticed the problem, clone apps trigger Google Play Protect by requesting access to dangerous permissions that could lead to malware being installed on the device.

After analyzing apps from the Samsung Galaxy Store, linuxct discovered an adware technology that can be used to execute code remotely and can be abused to execute commands on a device. Unfortunately, a scan via VirusTotal revealed that not all antivirus solutions detect this malware, marking it as potentially dangerous programs, Trojans, adware, and so on.

The publication explains that from a legal point of view, Samsung should have rejected these applications at the stage of consideration due to the description of their functionality, however, the Samsung Galaxy Store only checks applications for malware and malicious behavior, and copyright infringement is not taken into account. Since the apps did not contain out-of-the-box malicious code, they were not considered dangerous and were allowed into the store.

Let me remind you that we reported that Bugs in Apple Pay, Samsung Pay, and Google Pay allow unauthorized purchases, as well as that Researchers found on Google Play ad dropper that was downloaded more than 100 million times.